
Script ACL

Pastupe
Mega Guru

Hello

I'm getting lost in scripting ACL

What I need is to create ACL where:

User can see only tickets where user is member of group to which ticket is either assigned or watchlisted

Anyone know how to do it?

With the below script I'm not getting correct results for READ ACL.

See it below, it should give me back 6 records to read and it is giving me back just 3, why?

please help

/Petr


1 ACCEPTED SOLUTION

As noted before, try it with one ACL criteria and two ACLs. Debug the one to determine group membership first. Test it, get it working, etc. If someone comes along later and says "No, we don't need that" it's a simple matter of deactivating it rather than modifying code. Don't pile both bits of logic in one ACL.



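ACL 1:

// Grant read when the user belongs to the ticket's assignment group
answer = gs.getUser().isMemberOf(current.u_assignment_group.getDisplayValue());

ACL 2:

// Grant read when the user belongs to any group in the support team list
var result = false;
// The list field holds comma-separated sys_ids of sys_user_group records
var list = current.u_support_team_involved.toString().split(',');

for (var i = 0; i < list.length; i++) {
        var grp = new GlideRecord('sys_user_group');
        grp.get(list[i]);
        if (gs.getUser().isMemberOf(grp.getDisplayValue())) {
                  result = true;
                  break;
        }
}

answer = result;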



23 REPLIES

Ulrich Jugl
ServiceNow Employee

Which means you have two groups with the name HR Global, but with different sys_ids? Can you check, if your user you use for testing is member of both groups? Otherwise your ACLs work as expected, as the user seems not to be member of both groups.


This is strange really, because if I run report based on AG name, I get again 1 record back, so at the end I have really just 1 group



/Petr




Ulrich Jugl
ServiceNow Employee

And if you do the same on the Condition of the u_hr table? If you filter for u_assignment_group.sys_id = ''?


I have got something strange


with ACL 2 it seems to be working, but only for new tickets which are


Some tickets are still not in the list even though they fulfil ACL criteria - e.g. HR0000137 - img below



If I create ticket from scratch, it then works and is displayed



Do you have any idea what could be behind it?



/Petr




Ulrich Jugl
ServiceNow Employee

Untested, but try:



answer = userIsMemberOfGroup();

function userIsMemberOfGroup() {
        // getValue() returns null for an empty field, so guard before split()
        var supportTeams = current.getValue('u_support_team_involved');
        var assignmentGroup = current.getValue('u_assignment_group');
        var arr = supportTeams ? supportTeams.split(',') : [];
        if (assignmentGroup) {
                  arr.push(assignmentGroup);
        }

        for (var i = 0; i < arr.length; i++) {
                  //check if user is member of current group
                  if (gs.getUser().isMemberOf(arr[i].toString())) {
                            return true;
                  }
        }

        // No matching group: deny explicitly instead of returning undefined
        return false;
}
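
An offline check of the combined decision in the reply above, as an added example that is not part of the original thread. It runs in Node.js rather than on an instance; `makeRecord` and `makeUser` are hypothetical stand-ins for `current` and `gs.getUser()`, and the sys_ids and tickets are constructed sample data.

```javascript
// Constructed group sys_ids (sample values, not from any instance).
const HR_GLOBAL = '11111111111111111111111111111111';
const HR_LOCAL = '22222222222222222222222222222222';
const PAYROLL = '33333333333333333333333333333333';

// Hypothetical stand-in for `current`: getValue() returns null for empty fields.
function makeRecord(number, assignmentGroup, supportTeams) {
  const fields = {
    number: number,
    u_assignment_group: assignmentGroup,
    u_support_team_involved: supportTeams,
  };
  return { getValue: (name) => fields[name] || null };
}

// Hypothetical stand-in for gs.getUser(): membership looked up by sys_id.
function makeUser(groupIds) {
  const groups = new Set(groupIds);
  return { isMemberOf: (id) => groups.has(id) };
}

// The read decision: member of the assignment group or of any listed team.
function userIsMemberOfGroup(current, user) {
  const teams = (current.getValue('u_support_team_involved') || '')
    .split(',')
    .map((id) => id.trim())
    .filter(Boolean); // drop empty entries from '' or a trailing comma
  const assignmentGroup = current.getValue('u_assignment_group');
  if (assignmentGroup) teams.push(assignmentGroup);
  return teams.some((id) => user.isMemberOf(id)); // false when nothing matches
}

// Constructed tickets covering the edge cases the field values can produce.
const TICKETS = [
  makeRecord('T1', HR_GLOBAL, null), // assignment group only
  makeRecord('T2', PAYROLL, HR_GLOBAL + ',' + HR_LOCAL), // listed as support team
  makeRecord('T3', null, HR_LOCAL + ','), // trailing comma in the list
  makeRecord('T4', PAYROLL, null), // unrelated group
  makeRecord('T5', null, null), // both fields empty
  makeRecord('T6', PAYROLL, ' ' + HR_GLOBAL), // stray whitespace
];

// Numbers of the tickets the given user would be allowed to read.
function readableTickets(user) {
  return TICKETS.filter((t) => userIsMemberOfGroup(t, user))
    .map((t) => t.getValue('number'));
}

console.log(readableTickets(makeUser([HR_GLOBAL]))); // [ 'T1', 'T2', 'T6' ]
```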